Jul 23, 2024
The need for undergoing PIA has escalated into an urgent matter as numbers of data breaches were reported to the National Privacy Commission (NPC) over the past few months, targeting both public and private institutions.
Part of operationalizing compliance within an organization is the Privacy Impact Assessment (PIA) conducted by the assigned DPOs and members of the Compliance Team. In this procedure, data processing systems, which are basically systems or procedure that involve processing of personal data, are identified and analyzed to determine the risks each process might entail to data privacy. The end goal of the assessment is for the organization to be able to manage and address these identified risks before it even results to a data breach through proper implementation of security measures such as creation of policies, data sharing agreements, and privacy documents, and enforcing strict file safekeeping or encryption to ensure confidentiality, integrity, and availability of data.
The need for undergoing PIA has escalated into an urgent matter as numbers of data breaches were reported to the National Privacy Commission (NPC) over the past few months, targeting both public and private institutions. With this, NPC has been doubling their efforts in championing compliance activities to combat against data breaches. Following the recent privacy sweep they conducted inside a famous establishment in Manila, NPC has also advised the Commission on Elections (COMELEC) to do a PIA for its proposal of placing photos of the registered voters next to their full names which will be posted outside polling precincts during election days, stating that COMELEC must assess first its importance and necessity before coming up with an implementation plan.
While it is essentially a big move for COMELEC, the proposed measure has its pros and cons. According to COMELEC Chairperson George Garcia, posting photos of voters next to their full names will allow a more streamlined electoral process as it will be easier for voters to spot their designated precincts. Part of also streamlining the process is the ease of identity verification for the voters, as there are instances that some voters share the same first and last names with other voters.
On the other hand, this specific measure could also bring problems in terms of privacy. During the past elections, only the list of registered voters inside the precincts have corresponding photos next to their names which poll watchers use to check if it matches with the voter present during that time. Doing the same procedure outside the precincts where everyone has access to can lead to certain privacy issues. By getting the full name and reproducing the photo of the voter, someone can easily commit fraudulent acts such as identity theft and scams without the victim’s knowledge.
Hence, NPC is advocating the conduct of the PIA, because in doing so, pros and cons can be weighed, and certain procedures will be assessed if it is indeed necessary to fulfill the obligations of the institution without jeopardizing the protection of the privacy of individuals.